This month the Malicious Software Removal Tool (MSRT) includes a new malware family - MSIL/Bladabindi . An interesting part of this family is that the author made three versions of this RAT, written in VB.NET, VBS and AutoIt. The malware builder is also publically available for download.
Because of...

Recently, we’ve seen similar activities being performed by different malware that monitor online Korean applications. Mostly, the applications they monitor are card games, such as those in Figure 1.
Figure 1: Examples of online Korean games that are being monitored. (Source: http://www.hangame...

Nowadays many people believe in the opportunity to achieve great wealth without much effort, not leaving the house, not interrupting their favorite computer games, forums, social networking and so on. This type of opportunity is widely marketed by companies providing paid digital content services. You...

With the growth in adoption of 64-bit architectures and associated operating systems, we're seeing the usual malicious suspects following the trend. We have seen variants of several families, including Alureon , Koobface , Sirefef and Ursnif targeting this platform. These families adopt various techniques...

Facebook malware attacks are not new. Scams spreading via status updates have been around for a long time, but in recent weeks one threat has been getting creative in terms of social engineering. Backdoor:Win32/Caphaw.A can intercept URL requests in both Firefox and Internet Explorer and it has been...

We recently came across what appeared to be a new sample, but was actually part of malware discovered in 2010. This new-old sample is built from publicly available source code and, like many of its kind, is frequently rebranded. Because of all the changes that malware authors have made, we have detection...

We are tracking the trails of this fake " System Defragmenter " software since its first appearance last October 2010, and have warned our customers in our earlier post about this trojan software. In this follow-up post, we give an update including a new variant worth noting for our customers...

Malware nowadays benefits from the complexity of the Internet ecosystem to infect new computers through vectors such as browser plugins, social networks, and instant messaging programs.
In this two-parter series, we'll look at Worm:Win32/Dorkbot, a prevalent worm with the capabilities of an IRC backdoor...

We use thumb drives in different ways – usually to transfer files from one computer to another. When we create folders in thumb drives, we have a certain level of confidence that the folder isn't malicious or doesn't contain malware. Unfortunately, this assumption is not always true. For the month...

In part 1 of this series , we talked about Dorkbot and its spreading mechanisms that required user interaction. In this post, we'll talk about how Dorkbot spreads automatically, via drive-by downloads and Autorun files.
Spreading vectors not requiring user interaction: Drive-by downloads and Autorun...

At the Virus Bulletin conference this year, there was a talk about the limitations and suggested enhancements for the Early Launch Anti-Malware (ELAM) environment. The main observation, complaint if you will, was that there is no way for an anti-malware (AM) engine to perform a deep scan. However, there...

The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications...